[libselinux/f17] Add assert to avc calls to make sure avc_init has been called.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Mar 1 21:00:09 UTC 2012
commit 0f82e5f63ff52571760dc4541485696e707de4de
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Mar 1 16:00:07 2012 -0500
Add assert to avc calls to make sure avc_init has been called.
libselinux-rhat.patch | 49 +++++++++++++++++++++++++++++++++++++++++++++++--
libselinux.spec | 5 ++++-
2 files changed, 51 insertions(+), 3 deletions(-)
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index e7f90a3..bb864d1 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -343,10 +343,46 @@ index 1bf3599..f621de7 100644
return 1;
}
diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
-index e7ad31d..21c09f7 100644
+index e7ad31d..6ff83a7 100644
--- a/libselinux/src/avc.c
+++ b/libselinux/src/avc.c
-@@ -819,6 +819,7 @@ int avc_has_perm(security_id_t ssid, security_id_t tsid,
+@@ -9,6 +9,7 @@
+ */
+ #include <selinux/avc.h>
+ #include "selinux_internal.h"
++#include <assert.h>
+ #include "avc_sidtab.h"
+ #include "avc_internal.h"
+
+@@ -69,6 +70,9 @@ static inline int avc_hash(security_id_t ssid,
+ int avc_context_to_sid_raw(const security_context_t ctx, security_id_t * sid)
+ {
+ int rc;
++ /* avc_init needs to be called before this function */
++ assert(avc_running);
++
+ avc_get_lock(avc_lock);
+ rc = sidtab_context_to_sid(&avc_sidtab, ctx, sid);
+ avc_release_lock(avc_lock);
+@@ -249,6 +253,8 @@ void avc_cache_stats(struct avc_cache_stats *p)
+
+ void avc_sid_stats(void)
+ {
++ /* avc_init needs to be called before this function */
++ assert(avc_running);
+ avc_get_lock(avc_log_lock);
+ avc_get_lock(avc_lock);
+ sidtab_sid_stats(&avc_sidtab, avc_audit_buf, AVC_AUDIT_BUFSIZE);
+@@ -548,6 +554,8 @@ void avc_destroy(void)
+ struct avc_callback_node *c;
+ struct avc_node *node, *tmp;
+ int i;
++ /* avc_init needs to be called before this function */
++ assert(avc_running);
+
+ avc_get_lock(avc_lock);
+
+@@ -819,6 +827,7 @@ int avc_has_perm(security_id_t ssid, security_id_t tsid,
errsave = errno;
avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
errno = errsave;
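Review bot: The `assert(avc_running)` guards added to avc_context_to_sid_raw, avc_sid_stats and avc_destroy (and to avc_compute_member in the next hunk) vanish when the library is built with NDEBUG, and otherwise abort the calling process from inside a shared library. For the int-returning entry points, a runtime check that survives release builds and lets the caller handle the failure is safer, e.g. `if (!avc_running) { errno = EINVAL; return -1; }`; the void functions could log and return. In avc_destroy the assert also turns a teardown call without prior initialisation into an abort, and a repeated avc_destroy call would abort as well if avc_running is cleared on destroy, which is not visible here. All of these function bodies continue outside the hunk.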
@@ -354,6 +390,15 @@ index e7ad31d..21c09f7 100644
return rc;
}
+@@ -878,6 +887,8 @@ int avc_compute_member(security_id_t ssid, security_id_t tsid,
+ int rc;
+ security_context_t ctx = NULL;
+ *newsid = NULL;
++ /* avc_init needs to be called before this function */
++ assert(avc_running);
+ avc_get_lock(avc_lock);
+
+ rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass, &ctx);
diff --git a/libselinux/src/avc_internal.c b/libselinux/src/avc_internal.c
index be4c0a3..a07aa7f 100644
--- a/libselinux/src/avc_internal.c
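Review bot: The comment added in avc_compute_member, repeated in the three functions of the previous hunk, names only avc_init as the required initialiser. Callers that set up the AVC through avc_open, which presumably also sets avc_running, may read it as a demand for a second initialisation call. Wording such as `/* the AVC must be initialised (avc_open or avc_init) before this call */` would state the precondition without implying a particular entry point. The check also reads avc_running before `avc_get_lock(avc_lock)`; whether that flag is only written under the lock is not visible in this hunk.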
diff --git a/libselinux.spec b/libselinux.spec
index bcb91ee..2b7b552 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -8,7 +8,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.1.9
-Release: 9%{?dist}
+Release: 10%{?dist}
License: Public Domain
Group: System Environment/Libraries
Source: %{name}-%{version}.tgz
@@ -233,6 +233,9 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so
%changelog
+* Thu Mar 1 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.9-10
+- Add assert to avc calls to make sure avc_init has been called.
+
* Thu Feb 16 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.9-9
- Add selinux_current_policy_path to return /sys/fs/selinux/policy if it exists
- Otherwise search for policy on disk